Ensure that Guest-Level Diagnostics feature is enabled for your Azure virtual machines (VMs) in order to gather diagnostic data useful to create notification alerts and get vital information about the state of your VM applications using advanced metrics.
PoC代码[已公开]
id: azure-vm-guest-diagnostics-unenabled
info:
name: Azure VM Guest-Level Diagnostics Not Enabled
author: princechaddha
severity: medium
description: |
Ensure that Guest-Level Diagnostics feature is enabled for your Azure virtual machines (VMs) in order to gather diagnostic data useful to create notification alerts and get vital information about the state of your VM applications using advanced metrics.
impact: |
Not having Guest-Level Diagnostics enabled may lead to insufficient data collection for troubleshooting and lack of visibility into application performance and operational health.
remediation: |
Enable Guest-Level Diagnostics on your Azure virtual machines to ensure comprehensive data collection and enhance monitoring capabilities.
reference:
- https://docs.microsoft.com/en-us/azure/virtual-machines/windows/diagnostics
tags: cloud,devops,azure,microsoft,virtual-machines,azure-cloud-config
flow: |
code(1);
for (let VMData of iterate(template.vmList)) {
VMData = JSON.parse(VMData);
set("ids", VMData.id);
code(2);
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
az vm list --query '[*].{"id":id}'
extractors:
- type: json
name: vmList
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
az vm show --ids "$ids" --query '{"GuestLevelDiagnosticsConfig": resources[*].settings.ladCfg.diagnosticMonitorConfiguration}'
matchers-condition: and
matchers:
- type: word
words:
- '"GuestLevelDiagnosticsConfig": null'
extractors:
- type: dsl
dsl:
- 'ids + " does not have Guest-Level Diagnostics enabled"'
# digest: 4b0a00483046022100ca69e08c39a946404a3a75bcde2d557da1c5fc985b6b0c2674e53ba5a31236e1022100d4022772779470dccad5c30a8179007b05d446114887b8d9388859d5164f4976:922c64590222798bb761d5b6d8e72950